Whether you want to download an application on your smartphone, install an operating system or purchase software, you have to share personal details such as your name, email address and phone number. Companies collect data from their users to serve them better, help them when needed and market their products. However, any misuse, theft or breach of that data leaves customers feeling cheated and exposed to cyber attacks.
Maintaining the safety of customers' information is among the primary responsibilities of every organization. Data breaches and data-handling scandals at multinational companies such as Facebook, Uber and Equifax in the past left regulators with little option but to implement comprehensive regulation on data privacy in order to protect the people whose data is being processed.
Before we begin the discussion, let's understand what is meant by data. The GDPR (General Data Protection Regulation) defines personal data as "any information relating to an identified or identifiable natural person". This includes biographical data (name, address, contact number), physical data (hair colour, height, race), medical data, education and work history. Note that some of these, such as race and health data, are treated by the GDPR as special categories that require even stricter handling.
The GDPR is a regulation enacted by the European Union to protect the personal data of people in the EU; it has applied since May 25, 2018. It lays down rules for companies both in Europe and beyond on how data should be collected and protected. The regulation specifies when and why data may be collected (for example after valid consent or on another lawful basis), the technical and organisational measures companies must have in place to protect it, and what they must disclose before collecting any information.
If your business or a branch of it is located in Europe, or you offer goods or services to customers in Europe, you will want to review and update your privacy policy, given the hefty fines the regulation allows.
One of the significant aspects of the regulation relates to the consent required from individuals before they sign up. The GDPR requires organizations to inform every user, in clear language, how their information will be used and protected, and consent must be freely given, specific and as easy to withdraw as it was to give. It also directs companies that offer online services to obtain consent from a parent or guardian if the user is a child (below 16 years by default; individual member states may lower this age to 13).
So, what changes do businesses need to make?
Given the detailed nature of the GDPR, which addresses every aspect of privacy, companies need to re-examine their privacy policy and update it with the required changes. You need to build out your security infrastructure to protect the data you hold and document a response plan for a breach; the regulation requires notifying the supervisory authority within 72 hours of becoming aware of a breach, and notifying the affected individuals where the risk to them is high. The next stage is to inform users about the changes and earn their confidence.
What happens if you fail to adhere to the rules?
EU regulators have the legal power to impose fines on companies that fail to implement the rules while continuing to operate in Europe or to process the data of people in Europe. For the most serious violations the fine can be up to 20 million euros or 4% of global annual turnover, whichever is higher. EU regulators have shown they are willing to use such powers: on July 18, 2018, the European Commission fined Google about $5 billion (4.34 billion euros) for breaking antitrust laws. That case was not a GDPR matter; the Commission found that Google required manufacturers to pre-install its Search and Chrome apps as a condition of licensing the Play Store, prevented them from selling devices running forked versions of Android, and paid manufacturers and operators to pre-install Google Search exclusively on new phones.
Complying with the GDPR will help you make your data more secure, avoid penalties and gain more confidence from customers. If you want to consult a cyber security specialist, don't hesitate to contact us at info@siriniti.net. We will be happy to walk you through the cyber security measures to be implemented and help you protect your data.